ESET traces the evolution of Webinject Banking Trojans. ESET's Jean-Ian Boutin has been analyzing these forms of threats for several years and his paper titled "The Evolution of Webinject" uncovers many interesting facts about these banking trojans.
Webinjects are used by a number of banking trojans to alter the content of a webpage when a user sees on compromised computer. The trojan is able to inject code such as JavaScript into the browser to interact with the website content and perform various actions. This technique is quite old, but has evolved considerably in the past few years. The rise of banking trojans has also seen a rapid increase in the complexity of webinjects, enhancing further their capabilities. This has presented a perfect opportunity for many cybercriminals to specialize on webinjects, which has led to their commoditization.
When it comes to this malware, it is necessary to know that, is there a universal webinject kit that everyone is using?
Jean-Ian Boutin, researcher at ESET Montreal lab commented as,"Yes. Two of these kits grabbed my attention as they were used by several different banking trojan families. The first one is ATSEngine and the second one is the Injeria platform. Together they have been seen in seven different malware families and used in numerous different campaigns."
Pankaj Jain, director at ESET India said, "Jean-Ian has great experience in observing banking trojans and we are very happy to be associated with him. He traced common patterns in different Webinjects used across various banking Trojans. ESET is now headed with a resilient structured anti-trojan action for such trojans"